Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In today's hyper-connected digital world, every file you touch could be more dangerous than it appears. A simple spreadsheet, an innocent-looking PDF, or a shared presentation can all hide malicious code beneath their surface. These files, often exchanged freely across devices, cloud and collaboration platforms, can act as ticking time bombs. When triggered, they lead to devastating cyberattacks, massive data breaches, and severe compliance violations.

Today, we announced our Series C funding. I want to start by saying thank you to Delta-v Capital and Arthur Ventures for their partnership and conviction in what we’re building. We’re grateful for their support and for the trust they’ve placed in our team. They didn’t invest because Nucleus tells a good story.

Maybe you’re an AI builder, or maybe you’re a CISO. You've just authorized the use of AI agents for your dev team. You know the risks, including data exfiltration, prompt injection, and unvetted code execution. So when your lead engineer comes to you and says, "Don't worry, we're using Skill Defender from ClawHub to scan every new Skill," you breathe a sigh of relief. You checked the box. But have you checked this Skills scanner?

LDAP is commonly used as a centralized authentication backend for VPN gateways. In a typical setup, users submit credentials to the VPN service, which forwards them to the LDAP server for validation. The VPN gateway then grants or denies access based on the response it receives. CVE-2026-22153 does not rely on malformed packets or memory corruption. Instead, it stems from flawed authentication logic, where certain LDAP response states can be misinterpreted under specific configurations.

A recently disclosed vulnerability, tracked as CVE-2026-1731, affects BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA). The flaw is rated critical, with a CVSS v4 score of 9.9 according to the National Vulnerability Database. BeyondTrust published advisory BT26-02 confirming that an unauthenticated remote attacker may be able to execute operating system commands by sending specially crafted client requests.

You ask your OpenClaw agent to "check my Gmail." It replies, "I need to install the Google Services Action skill first. Shall I proceed?" You say yes. The agent downloads the skill from ClawHub. It reads the instructions. Then, it pauses. "This skill requires the 'openclaw-core' utility to function," the agent reports, displaying a helpful download link from the skill's README. "Please run this installer to continue." You copy the command. You paste it into your terminal. You have just been compromised.

The modern enterprise software ecosystem increasingly relies on desktop AI applications enhanced through extensible plugin or extension frameworks. These extensions are designed to improve productivity by enabling integrations with local files, browsers, APIs, developer tools, and internal systems. However, this same extensibility introduces a high-risk attack surface when extension permissions, sandboxing, and input validation are weakly enforced.